Harden PKCS7 and OCSP error handling

[prasden]

Issues:

Addresses P409219367

Description of changes:

This PR adds hardening fixes for PKCS7 and OCSP brought up by Penpal testing:

• PKCS7_dataInit did not check the return value of ASN1_OCTET_STRING_new() in pkcs7.c. We now check for NULL.
• pkcs7_signature_verify used OPENSSL_memcmp for digest comparison in pkcs7.c. We now use CRYPTO_memcmp for constant-time comparison.
• OCSP_parse_url did not initialize *pssl alongside other output parameters in ocsp_lib.c. We now initialize before any return paths.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 80.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 78.13%. Comparing base (9651480) to head (390a727).

Files with missing lines	Patch %	Lines
crypto/pkcs7/pkcs7.c	66.66%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3237   +/-   ##
=======================================
  Coverage   78.12%   78.13%           
=======================================
  Files         689      689           
  Lines      123214   123218    +4     
  Branches    17137    17137           
=======================================
+ Hits        96257    96271   +14     
+ Misses      26047    26036   -11     
- Partials      910      911    +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.